When you visit otobo.gw.dfnld.nl, you get sent straight to a Microsoft login screen. That alone isn't alarming β many organizations use custom subdomains for federated authentication. But look closer, and this site raises serious questions. The domain is very new, with no history in the Wayback Machine and no favicon or branding to signal who operates it. Its robots.txt file blocks all search engines, making it impossible to find any information about the service. The .nl registry keeps the owner's identity hidden by policy, so you can't look up who registered it. For a site that handles logins β even indirectly by redirecting to Microsoft β that lack of transparency is a major concern. Legitimate organizations using this kind of setup usually have clear documentation, support pages, or at least a public presence. Here, there's nothing. If you landed on this URL, it's worth asking: who sent you here and why? Without a clear answer, treat this subdomain with caution. Our otobo.gw.dfnld.nl safety check gives it a suspicious trust score β not because the redirect itself is dangerous, but because the domain behind it is a black box.
No β otobo.gw.dfnld.nl doesn't look safe
In plain English
This site is a red flag. It immediately redirects to a Microsoft login page, but the domain itself is brand new, hides its ownership, and blocks search engines from seeing anything. Without knowing who's behind it, you can't be sure that login page is pointing to the right place. I'd steer clear until there's more transparency.
What you should do now
Don't panic. These steps limit the damage, and the sooner you take them the better.
Don't enter any details
No passwords, card numbers or personal information β even if the site looks professional.
Close the tab
Especially if you got here from an email, text message or social media ad.
Already paid? Call your bank
Contact your bank or card provider right away. They can often stop or reverse a recent payment.
Warn others
Report the site and share this check with anyone who sent you the link.
Where the score comes from
Strong technical security: valid certificate, modern encryption, and browser protections like clickjacking prevention are all in place. The site itself is well-configured, even if it's just a redirect to Microsoft's login.
Who runs this site is essentially invisible. The .nl registry keeps ownership private, the site is brand new with no web archive history, and it has no favicon or branding. A redirect to a Microsoft login page doesn't help β it's unclear if this is a legitimate federated login or something less trustworthy.
Neutral at best. The domain isn't flagged on any blacklists, but it's also too new and unknown to have any real reputation. No reviews, no web history, and no social presence make it hard to gauge trust.
Nearly nonexistent. The site blocks all search crawlers, has no contact info or about page, and doesn't seem to present any information about who it belongs to. For a site that redirects to a login page, this is a serious red flag.
No legal pages like a privacy policy or terms of service are visible. Since the site isn't a typical business site but a redirect, it's still missing any form of compliance disclosure. Users have no idea what data handling rules apply.
DNS setup is minimal: no email handling, no DNSSEC, and a misconfigured sitemap. The robots.txt that blocks everything is suspicious for a legitimate site. On the plus side, basic connectivity and security headers are decent.
What we checked
Think this verdict is wrong?
Site owners can request a fresh scan. Scores update automatically as signals change.